Motivation

Mercari previously used passwords and, faced with real-time phishing attacks, added SMS OTPs as an authentication method to protect its users. While this improved security, it did not completely eliminate real-time phishing attacks. Sending a high volume of SMS OTPs was also both expensive and not very user-friendly.

Mercari also had a new service, Mercoin, a platform for buying and selling Bitcoin with the user’s available balance in Mercari. Mercoin had strong security requirements, and passkeys met its needs.

Because passkeys are bound to a website or app’s identity, they’re safe from phishing attacks. The browser and operating system ensure that a passkey can only be used with the website or app that created it. This frees users from being responsible for signing in to the genuine website or app.
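The binding described above is also visible to the server: the browser records the origin it actually loaded in `clientDataJSON`, and the authenticator puts the SHA-256 of the relying-party ID at the start of the signed authenticator data. The sketch below is an added example, not Mercari's code; `example.com`, the look-alike domain and the sample responses are constructed, and verifying the signature over the authenticator data and the hash of `clientDataJSON` with the stored public key is a separate step not shown here.

```python
import base64, hashlib, json

RP_ID = "example.com"                    # assumed relying-party ID (constructed)
EXPECTED_ORIGIN = "https://example.com"  # assumed origin of the genuine site

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def binding_problems(client_data_json, authenticator_data, expected_challenge):
    """Return the binding checks that failed; an empty list means all passed."""
    problems = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        problems.append("type")
    if client.get("challenge") != b64url(expected_challenge):
        problems.append("challenge")
    # The browser, not the page, writes the origin it actually loaded.
    if client.get("origin") != EXPECTED_ORIGIN:
        problems.append("origin")
    # First 32 bytes of authenticator data: SHA-256 of the RP ID the credential was used for.
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        problems.append("rpIdHash")
    # Byte 32 holds the flags; bit 0 is "user present".
    if len(authenticator_data) < 37 or not authenticator_data[32] & 0x01:
        problems.append("userPresent")
    return problems

def make_sample(origin, rp_id, challenge):
    """Constructed stand-in for what a browser and authenticator return."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": origin}).encode()
    flags, sign_count = bytes([0x05]), (7).to_bytes(4, "big")  # UP|UV, counter 7
    return client_data, hashlib.sha256(rp_id.encode()).digest() + flags + sign_count

if __name__ == "__main__":
    challenge = b"constructed-challenge-0001"
    print(binding_problems(*make_sample(EXPECTED_ORIGIN, RP_ID, challenge), challenge))
    print(binding_problems(*make_sample("https://example.com.signin.test",
                                        "signin.test", challenge), challenge))
```

A response produced on the look-alike origin fails both the origin and the RP ID hash check, so relaying it to the genuine site in real time does not yield a valid sign-in.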

Requiring users to use extra authentication methods and perform additional actions is an obstacle when what users actually want is to accomplish something else using the app.

Adding passkey authentication removes the additional SMS OTP step and improves the user experience, while also protecting users better against real-time phishing attacks and reducing the cost associated with SMS OTPs.

Results

900,000 Mercari accounts have registered passkeys, and the success rate of signing in with them is 82.5%, compared to a 67.7% success rate for signing in with SMS OTP.

Signing in with passkeys has also proved to be 3.9 times faster than signing in with SMS OTP: Mercari users on average take 4.4 seconds to sign in with passkeys, while it takes them 17 seconds to do the same with SMS OTP.

The higher the success rate of authentication and the shorter the authentication time, the better the user experience, and Mercari has seen great success with implementing passkeys.

Learn more about Mercari’s implementation of passkeys

To learn more about how Mercari solved the challenges of making a phishing-resistant environment with passkeys, read their blog on Mercari’s passkey adoption.

